Commit 32a9aac switched libvirt to use the XDG base directories
to locate most of its data/config. In particular, the per-user socket
for qemu:///session is now stored in the XDG runtime directory.
This directory is located by looking at the XDG_RUNTIME_DIR environment
variable, with a fallback to ~/.cache/libvirt if this variable is not
set.
When the daemon is autospawned because a client application wants
to use qemu:///session, the daemon is ran in a clean environment
which does not contain XDG_RUNTIME_DIR. It will create its socket
in ~/.cache/libvirt. If the client application has XDG_RUNTIME_DIR
set, it will not look for the socket in the fallback place, and will
fail to connect to the autospawned daemon.
This patch adds XDG_RUNTIME_DIR to the daemon environment before
auto-starting it. I've done this in virNetSocketForkDaemon rather
than in virCommandAddEnvPassCommon as I wasn't sure we want to pass
these variables to other commands libvirt spawns. XDG_CACHE_HOME
and XDG_CONFIG_HOME are also added to the daemon env as it makes use
of those as well.
(cherry picked from commit efe6c8021146d046846ead5b5efc9828d97c1ceb)
This makes the driver fail with a clear error message in case of UUID
collisions (for example if somebody copied a container configuration
without updating the UUID) and also raises an error on other hash map
failures.
OpenVZ itself doesn't complain about duplicate UUIDs since this
parameter is only used by libvirt.
(cherry picked from commit 31351c316fee0487dcbc5ef6b630d75be6b212e5)
Fix /domain/features setting in qemuParseCommandLine
Commit 5e6ce1 moved down detection of the ACPI feature in
qemuParseCommandLine. However, when ACPI is detected, it clears
all feature flags in def->features to only set ACPI. This used to
be fine because this was the first place were def->features was set,
but after the move this is no longer necessarily true because this
block comes before the ACPI check:
Since def is allocated in qemuParseCommandLine using VIR_ALLOC, we
can always use |= when modifying def->features
(cherry picked from commit 626dd5180e472c0b4c0c5fb7072358743ca63653)
Jim Fehlig [Mon, 9 Jul 2012 15:52:55 +0000 (09:52 -0600)]
systemd: start libvirtd after network
Domains configured with autostart may fail to start if the host
network stack has not been started. E.g. when using bridged
networking autostarting a domain can fail with
libvirtd[1403]: 2012-06-20 13:23:49.833+0000: 1485: error :
qemuAutostartDomain:177 : Failed to autostart VM 'test': Cannot get
interface MTU on 'br0': No such device
(cherry picked from commit 4036aa91bff6482cf4c136c93277619fa8ec6f94)
Peter Krempa [Thu, 21 Jun 2012 15:59:27 +0000 (17:59 +0200)]
virsh: Clarify documentation for virsh dompmsuspend command
Clarify the docs to make more clear what this command does and that it
requires a guest agent running in the guest.
(cherry picked from commit e16d434da75430b05545f4d85d156f36b1ce51d1)
Peter Krempa [Mon, 9 Jul 2012 12:10:05 +0000 (14:10 +0200)]
storage_backend_fs: Don't free a part of a structure on error
As the storage pool sources are stored in a list of structs, the pointer
returned by virStoragePoolSourceListNewSource() shouldn't be freed as it
points in the middle of a memory block. This combined with a regression
that takes the error path every time on caused a double-free abort on
the src struct in question.
(cherry picked from commit ab9c72ae9e55e7190f52ad1550624630a5c7f78b)
Recently the Ceph project defaulted auth_supported from 'none' to 'cephx'.
When no auth information was set for Ceph disks this would lead to librados defaulting to
'cephx', but there would be no additional authorization information.
We now explicitly set auth_supported to none when passing down arguments to Qemu.
qemu: add rbd to whitelist of migration-safe formats
QEMU (and librbd) flush the cache on the source before the
destination starts, and the destination does not read any
changeable data before that, so live migration with rbd caching
is safe.
This makes 'virsh migrate' work with rbd and caching without the
--unsafe flag.
Reported-by: Vladimir Bashkirtsev <vladimir@bashkirtsev.com> Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
(cherry picked from commit 78290b1641e95304c862062ee0aca95395c5926c)
Eiichi Tsukata [Fri, 29 Jun 2012 06:09:16 +0000 (15:09 +0900)]
Fix vm's outbound traffic control problem
Hello,
This is a patch to fix vm's outbound traffic control problem.
Currently, vm's outbound traffic control by libvirt doesn't go well.
This problem was previously discussed at libvir-list ML, however
it seems that there isn't still any answer to the problem.
http://www.redhat.com/archives/libvir-list/2011-August/msg00333.html
I measured Guest(with virtio-net) to Host TCP throughput with the
command "netperf -H".
Here are the outbound QoS parameters and the results.
The outbound traffic goes down unreasonably and is even not controled.
The cause of this problem is too large mtu value in "tc filter" command run by
libvirt. The command uses burst value to set mtu and the burst is equal to
average rate value if it's not set. This value is too large. For example
if the average rate is set to 1024 kilobytes/s, the mtu value is set to 1024
kilobytes. That's too large compared to the size of network packets.
Here libvirt applies tc ingress filter to Host's vnet(tun) device.
Tc ingress filter is implemented with TBF(Token Buckets Filter) algorithm. TBF
uses mtu value to calculate the amount of token consumed by each packet. With too
large mtu value, the token consumption rate is set too large. This leads to
token starvation and deterioration of TCP throughput.
Then, should we use the default mtu value 2 kilobytes?
The anser is No, because Guest with virtio-net device uses 65536 bytes
as mtu to transmit packets to Host, and the tc filter with the default mtu
value 2k drops packets whose size is larger than 2k. So, the most packets
is droped and again leads to deterioration of TCP throughput.
The appropriate mtu value is 65536 bytes which is equal to the maximum value
of network interface device defined in <linux/netdevice.h>. The value is
not so large that it causes token starvation and not so small that it
drops most packets.
Therefore this patch set the mtu value to 64kb(== 65535 bytes).
Again, here are the outbound QoS parameters and the TCP throughput with
the libvirt patched.
Peter Krempa [Thu, 28 Jun 2012 21:42:50 +0000 (23:42 +0200)]
network_conf: Don't free uninitialized pointers while parsing DNS SRV
If the user specified invalid protocol type in a network's SRV record
the error path ended up in freeing uninitialized pointers causing a
daemon crash.
Osier Yang [Wed, 27 Jun 2012 14:02:23 +0000 (22:02 +0800)]
storage: Error out if the target is already mounted for netfs pool
mnt_fsname can not be the same, as we check the duplicate pool
sources earlier before, means it can't be the same pool, moreover,
a pool can't be started if it's already active anyway. So no reason
to act as success.
(cherry picked from commit 8116529409357c82824fb280165ea0ee6f2d6277)
Michal Privoznik [Wed, 27 Jun 2012 10:06:45 +0000 (12:06 +0200)]
events: Don't fail on registering events for two different domains
virConnectDomainEventRegisterAny() takes a domain as an argument.
So it should be possible to register the same event (be it
VIR_DOMAIN_EVENT_ID_LIFECYCLE for example) for two different domains.
That is, we need to take domain into account when searching for
duplicate event being already registered.
(cherry picked from commit cd15303fd123146b0ba53e387d08ef22b707223c)
Starting a KVM guest on s390 fails immediately. This is because
"qemu --help" reports -no-acpi even for the s390(x) architecture but
-no-acpi isn't supported there.
Workaround is to remove QEMU_CAPS_NO_ACPI from the capability set
after the version/capability extraction.
Osier Yang [Mon, 25 Jun 2012 13:34:22 +0000 (21:34 +0800)]
qemu: Improve error if setmem fails for lacking of balloon support
"cannot set memory of an active domain" is misleading, it sounds
like setting memory of active domain is not supported.
(cherry picked from commit 968b6c60e9b1889dbaf72cfee1c4fccbd640d69d)
Peter Krempa [Thu, 21 Jun 2012 16:34:32 +0000 (18:34 +0200)]
virsh: Improve error when trying to change vm's cpu count 0
This patch adds a check for the count of processors the user requests
for the guest machine so that invalid values produce a more helpful
error message.
(cherry picked from commit de924ca90a0ff1ad8adeab460761f65b7a742d72)
Jim Fehlig [Thu, 21 Jun 2012 05:28:09 +0000 (23:28 -0600)]
Initialize random generator in lxc controller
The lxc contoller eventually makes use of virRandomBits(), which was
segfaulting since virRandomInitialize() is never invoked.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff554d560 in random_r () from /lib64/libc.so.6
(gdb) bt
0 0x00007ffff554d560 in random_r () from /lib64/libc.so.6
1 0x0000000000469eaa in virRandomBits (nbits=32) at util/virrandom.c:80
2 0x000000000045bf69 in virHashCreateFull (size=256,
dataFree=0x4aa2a2 <hashDataFree>, keyCode=0x45bd40 <virHashStrCode>,
keyEqual=0x45bdad <virHashStrEqual>, keyCopy=0x45bdfa <virHashStrCopy>,
keyFree=0x45be37 <virHashStrFree>) at util/virhash.c:134
3 0x000000000045c069 in virHashCreate (size=0, dataFree=0x4aa2a2 <hashDataFree>)
at util/virhash.c:164
4 0x00000000004aa562 in virNWFilterHashTableCreate (n=0)
at conf/nwfilter_params.c:686
5 0x00000000004aa95b in virNWFilterParseParamAttributes (cur=0x711d30)
at conf/nwfilter_params.c:793
6 0x0000000000481a7f in virDomainNetDefParseXML (caps=0x702c90, node=0x7116b0,
ctxt=0x7101b0, bootMap=0x0, flags=0) at conf/domain_conf.c:4589
7 0x000000000048cc36 in virDomainDefParseXML (caps=0x702c90, xml=0x710040,
root=0x7103b0, ctxt=0x7101b0, expectedVirtTypes=16, flags=0)
at conf/domain_conf.c:8658
8 0x000000000048f011 in virDomainDefParseNode (caps=0x702c90, xml=0x710040,
root=0x7103b0, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9360
9 0x000000000048ee30 in virDomainDefParse (xmlStr=0x0,
filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", caps=0x702c90,
expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9310
10 0x000000000048ef00 in virDomainDefParseFile (caps=0x702c90,
filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", expectedVirtTypes=16, flags=0)
at conf/domain_conf.c:9332
11 0x0000000000425053 in main (argc=5, argv=0x7fffffffe2b8)
at lxc/lxc_controller.c:1773
(cherry picked from commit 57349ffc10290eed2cb25ca7cfb4b34ab5003156)
Until now, it was possible to crash libvirtd when defining domain with
channel device with missing source element.
When creating new virDomainChrDef, target.port is set to -1, but
unfortunately it is an union with addresses that virDomainChrDefFree
tries to free in case the deviceType is channel. Having the port set
to -1 is intended, however the cleanest way to get around the problems
with the crash seems to be renumbering the VIR_DOMAIN_CHR_CHANNEL_
target types to cover new NONE type (with value 0) being the default
(no target type yet).
(cherry picked from commit 830d035ff5a88c3896a6e508364e34697de941a1)
virsh: make domiftune interface help string consistent
Append '(MAC Address)' after the help string of domiftune virsh
command as it takes the same type of argument as domif-{get,set}link
which have it specified.
(cherry picked from commit 4b2273074c2459136c67e657d2a2ac2e9db6f5a4)
Michal Privoznik [Fri, 15 Jun 2012 16:00:13 +0000 (18:00 +0200)]
qemu_agent: Wait for events instead of agent response
With latest changes to qemu-ga success on some commands is not reported
anymore, e.g. guest-shutdown or guest-suspend-*. However, errors are
still being reported. Therefore, we need to find different source of
indication if operation was successful. Events.
(cherry picked from commit d97a234c62d272eb140c836cb93d750a4dec3354)
Eric Blake [Wed, 13 Jun 2012 16:09:39 +0000 (10:09 -0600)]
build: hoist qemu dependence on yajl to configure
Commit 6e769eba made it a runtime error if libvirt was compiled
without yajl support but targets a new enough qemu. But enough
users are hitting this on self-compiled libvirt that it is worth
erroring out at compilation time, rather than an obscure failure
when trying to use the built executable.
* configure.ac: If qemu is requested and -version works, require
yajl when qemu version is new enough.
* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Add
comment.
(cherry picked from commit 350583c859deaaddc98d7319e1c2ad649e4d3e83)
Cole Robinson [Fri, 15 Jun 2012 17:46:51 +0000 (13:46 -0400)]
autogen: Always abide --system
If we do ./autogen.sh && ./configure, then later try ./autogen.sh --system,
configure isn't invoked with the requested params. Instead
config.status --recheck is run.
(cherry picked from commit 2cd29c3107ff1f135e05fa55f3b389f37a6cb867)
Jim Fehlig [Thu, 14 Jun 2012 17:20:17 +0000 (11:20 -0600)]
Check for errors when parsing bridge interface XML
The return status of virInterfaceDefParseBridge() was not being
checked, potentially resulting in the creation of a broken
interface.
(cherry picked from commit cc004a664750e84a234d01ae4a5d774f7f980307)
Osier Yang [Fri, 15 Jun 2012 02:34:04 +0000 (10:34 +0800)]
schema: Update domain XML schema
'boot' tag shouldn't be exclusive with 'kernel', 'initrd', and 'cmdline',
though the boot sequence doesn't make sense when the guest boots from
kernel directly. But it's useful if booting from kernel is to install
a newguest, even if it's not to install a guest, there is no hurt. And
on the other hand, we allow 'boot' and the kernel tags when parsing.
(cherry picked from commit b34324fbf09c82fbd4ad2c0dcc140172ee045c8a)
Wen Congyang [Fri, 25 May 2012 10:12:00 +0000 (18:12 +0800)]
qemu: fix potential dead lock
If we lock the qemu_driver, we should call qemuDomainObjBeginJobWithDriver()
not qemuDomainObjBeginJob().
(cherry picked from commit 5136c5799fabe411eb0fadc59377572e21386d83)
Osier Yang [Thu, 14 Jun 2012 11:09:53 +0000 (19:09 +0800)]
virsh: Null terminated the string memcpy from buffer explicitly
Detected by valgrind:
==16217== 1 errors in context 1 of 12:
==16217== Invalid read of size 1
==16217== at 0x4A07804: __GI_strlen (mc_replace_strmem.c:284)
==16217== by 0x3019F167F6: xdr_string (in /lib64/libc-2.12.so)
==16217== by 0x3033709E8D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16217== by 0x303370E5CB: xdr_remote_domain_update_device_flags_args (remote_protocol.c:2028)
==16217== by 0x30337197D1: virNetMessageEncodePayload (virnetmessage.c:341)
==16217== by 0x30337135E1: virNetClientProgramCall (virnetclientprogram.c:327)
==16217== by 0x30336F1EFD: callWithFD (remote_driver.c:4586)
==16217== by 0x30336F1F7B: call (remote_driver.c:4607)
==16217== by 0x30336F42F2: remoteDomainUpdateDeviceFlags (remote_client_bodies.h:2865)
==16217== by 0x30336D46E5: virDomainUpdateDeviceFlags (libvirt.c:9457)
==16217== by 0x41AEE8: cmdChangeMedia (virsh.c:15249)
==16217== by 0x413CB4: vshCommandRun (virsh.c:18669)
==16217== Address 0x4ec5e25 is 0 bytes after a block of size 293 alloc'd
==16217== at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==16217== by 0x303364F1DB: virAllocN (memory.c:129)
==16217== by 0x41A844: vshPrepareDiskXML (virsh.c:15043)
==16217== by 0x41AECC: cmdChangeMedia (virsh.c:15246)
==16217== by 0x413CB4: vshCommandRun (virsh.c:18669)
==16217== by 0x423973: main (virsh.c:20261)
(cherry picked from commit e3843d7f046da93d5dfb8f1a8a8f4fcee8f6a5c1)
The public libvirt API does not have any application visible
dependency on Xen libraries. The xen-devel dependency is thus
bogus
(cherry picked from commit 899bf6680a8c7c715e79ed6e80b00528eacb73cc)
In case nparams was originally set to 0, virDomain* API would fill it
with the number of typed parameters it can provide and we would use this
number (rather than zero) to clear params. Because VIR_ALLOC* returns
non-NULL pointer even if size is 0, the code would end up walking
through random memory. If we were lucky enough and the memory contained
7 (VIR_TYPED_PARAM_STRING) at the right place, we would try to free a
random pointer and crash.
libvirt-guests: systemd host shutdown does not work
I originally postet this into the Fedora bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=843836
Currently gracefully shutting down guest vms on host shutdown does not work on
Fedora 17, the guests are killed hard on system shutdown.
The reason is systemd considers libvirt-guests.service to be stopped when the
system is running:
$ systemctl status libvirt-guests.service
libvirt-guests.service - Suspend Active Libvirt Guests
Loaded: loaded (/usr/lib/systemd/system/libvirt-guests.service;
enabled)
Active: deactivating (stop) since Fri, 27 Jul 2012 15:47:31 +0200;
2min 48s ago
Process: 1085 ExecStart=/etc/init.d/libvirt-guests start
(code=exited, status=0/SUCCESS)
Control: 1150 (libvirt-guests)
CGroup: name=systemd:/system/libvirt-guests.service
└ control
├ 1150 /bin/sh /etc/init.d/libvirt-guests stop
└ 2257 sleep 1
libvirt-guests.service is defined as type "simple" in systemd (the default).
That means systemd will shut down the service when the start executable is
terminated after starting is done. Systemd will not call stop again on system
shutdown because it thinks it is already stopped.
The solution is to define it as type "oneshot" and set the flag
"RemainAfterExit". Then systemd will consider the service as active after
startup and will call the stop function on host shutdown.
(cherry picked from commit 79ca7e4e5763795b041e95738c73d4e64bf1024b)
Eric Blake [Tue, 10 Jul 2012 15:37:07 +0000 (09:37 -0600)]
build: update to latest gnulib, for secure tarball
Pick up some build fixes in the latest gnulib. In particular,
we want to ensure that official tarballs are secure, but don't
want to penalize people who don't run 'make dist', since fixed
automake still hasn't hit common platforms like Fedora 17.
* .gnulib: Update to latest, for Automake CVE-2012-3386 detection.
* bootstrap: Resync from gnulib.
* bootstrap.conf (gnulib_extra_files): Drop missing, since gnulib
has dropped it in favor of Automake's version.
* cfg.mk (local-checks-to-skip): Conditionally skip the security
check in cases where it doesn't matter.
(cherry picked from commit f12e1396212b9127306245c61566f171a3df7aa3)
Update to latest GNULIB to fix compat with Mingw64 toolchain
On both x86_64-w64-mingw32 and i686-w64-mingw32 there were
the following warnings/errors:
CC fstat.lo
../../../gnulib/lib/fstat.c:27:0: warning: "stat" redefined [enabled by default]
In file included from ./sys/stat.h:32:0,
from ../../../gnulib/lib/fstat.c:25:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition
../../../gnulib/lib/fstat.c:28:0: warning: "fstat" redefined [enabled by default]
In file included from ./sys/stat.h:32:0,
from ../../../gnulib/lib/fstat.c:25:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:259:0: note: this is the location of the previous definition
CC stat.lo
../../../gnulib/lib/stat.c:32:0: warning: "stat" redefined [enabled by default]
In file included from ./sys/stat.h:32:0,
from ../../../gnulib/lib/stat.c:27:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition
CC stdio-read.lo
../../../gnulib/lib/stdio-read.c:102:1: error: redefinition of 'vscanf'
In file included from ./stdio.h:43:0,
from ../../../gnulib/lib/stdio-read.c:21:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:397:7: note: previous definition of 'vscanf' was here
../../../gnulib/lib/stdio-read.c:108:1: error: redefinition of 'vfscanf'
In file included from ./stdio.h:43:0,
from ../../../gnulib/lib/stdio-read.c:21:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:384:7: note: previous definition of 'vfscanf' was here
make[3]: *** [stdio-read.lo] Error 1
make[3]: Leaving directory `/home/berrange/src/virt/libvirt/build/gnulib/lib'
While on x86_64-w64-mingw32 only there was:
In file included from ../../../gnulib/lib/regex.c:69:0:
../../../gnulib/lib/regcomp.c: In function 'parse_dup_op':
../../../gnulib/lib/regcomp.c:2624:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
../../../gnulib/lib/regcomp.c: In function 'mark_opt_subexp':
../../../gnulib/lib/regcomp.c:3859:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
Eric Blake [Mon, 28 May 2012 12:48:26 +0000 (06:48 -0600)]
build: update to latest gnulib
Gnulib finally relaxed the isatty license, needed as first mentioned here:
https://www.redhat.com/archives/libvir-list/2012-February/msg01022.html
Other improvements include better syntax-check rules (we can delete one
of ours now that it is a duplicate) and better compiler warning usage.
* .gnulib: Update to latest, for isatty.
* cfg.mk (sc_prohibit_strncpy): Drop a now-redundant rule.
* bootstrap.conf (gnulib_modules): Add isatty.
* bootstrap: Resync from gnulib.
(cherry picked from commit e925ea3156f2cc8d57a29eeeb839202adc989391)
Eric Blake [Wed, 6 Jun 2012 15:45:04 +0000 (09:45 -0600)]
build: fix build of fresh checkout
Commit 7bff56a worked in an incremental build, but fails for a
fresh clone; apparently, if make sees both an actual file
spelling and an inference rule, only the exact spelling is used.
CCLD libvirt_driver_test.la
CC libvirt_driver_remote_la-remote_driver.lo
remote/remote_driver.c:4707:34: fatal error: remote_client_bodies.h: No such file or directory
compilation terminated.
BUILT_SOURCES to the rescue, instead of trying to mess with .lo
dependencies directly.
* src/Makefile.am (REMOTE_DRIVER_PREREQS, %remote_driver.lo): Drop...
(BUILT_SOURCES): ...and add here instead.
(cherry picked from commit ca02b101d74510df424c5ea659d7b7d481874f98)
Eric Blake [Wed, 30 May 2012 17:30:18 +0000 (11:30 -0600)]
build: fix 'make distcheck' issues
We had a distributed file (remote_protocol.h, which in turn was
a prereq to remote_driver.c) depending on a generated file
(libvirt_probes.h), which is a no-no for a VPATH build from a
read-only source tree (no wonder 'make distcheck' tests precisely
that situation):
File `libvirt_driver_remote.la' does not exist.
File `libvirt_driver_remote_la-remote_driver.lo' does not exist.
Prerequisite `libvirt_probes.h' is newer than target `../../src/remote/remote_protocol.h'.
Must remake target `../../src/remote/remote_protocol.h'.
Invoking recipe from Makefile:7464 to update target `../../src/remote/remote_protocol.h'.
make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/libvirt-0.9.12/_build/src'
GEN ../../src/remote/remote_protocol.h
cannot create ../../src/remote/remote_protocol.h: Permission denied at ../../src/rpc/genprotocol.pl line 31.
make[3]: *** [../../src/remote/remote_protocol.h] Error 13
Rather than making distributed .c files depend on generated files, we
really want to ensure that compilation into .lo files is not attempted
until the generated files are present, done by this patch. Since there
were two different sets of conditionally generated files that both
feed the .lo file, I had to introduce a new variable REMOTE_DRIVER_PREREQS
to keep automake happy.
After that fix, the next issue was that make treats './foo' and 'foo'
differently in determining whether an implicit %foo rule is applicable,
with the result that locking/qemu-sanlock.conf wasn't properly being
built at the right times. Also, the output for using the .aug test
files was a bit verbose.
After fixing the src directory, the next error is related to the docs
directory, where the tarball is missing a stamp file and thus tries to
regenerate files that are already present:
GEN ../../docs/apibuild.py.stamp
Traceback (most recent call last):
File "../../docs/apibuild.py", line 2511, in <module>
rebuild("libvirt")
File "../../docs/apibuild.py", line 2495, in rebuild
builder.serialize()
File "../../docs/apibuild.py", line 2424, in serialize
output = open(filename, "w")
IOError: [Errno 13] Permission denied: '../../docs/libvirt-api.xml'
make[5]: *** [../../docs/apibuild.py.stamp] Error 1
and fixing that exposed another case of a distributed file (generated
html) depending on a built file (libvirt.h), but only when doing an
in-tree build, because of a file glob.
* src/Makefile.am ($(srcdir)/remote/remote_driver.c): Change...
(libvirt_driver_remote_la-remote_driver.lo): ...to the real
dependency.
($(builddir)/locking/%-sanlock.conf): Drop $(builddir), so that
rule gets run in time for test_libvirt_sanlock.aug.
(test_libvir*.aug): Cater to silent build.
(conf_DATA): Don't ship qemu-sanlock.conf in the tarball, since it
is trivial to regenerate.
* docs/Makefile.am (EXTRA_DIST): Ship our stamp file.
($(APIBUILD_STAMP)): Don't depend on generated file.
(cherry picked from commit 7bff56a0d1514cb955eb14adc14281626e80e96c)
Eric Blake [Wed, 13 Jun 2012 03:49:22 +0000 (21:49 -0600)]
build: fix 'make dist' on virgin checkout
'make dist' was depending on *protocol-structs files, which are
stored in git but in turn depended on generated files. We still
want to ship the protocol-structs files, but by renaming the
tests to something not matching a file name, we separate 'make
check' (which depends on the generated file) from 'make dist'
(which only depends on the git files). After all, the tarball
should never depend on a generated file not stored in git.
I found one more case of a git file depending on a generated
file, in a bogus virkeycode.c listing; but at least this one
had no associated rules so it never broke 'make dist'.
Reported by Wen Congyang. Latent bug has been present since
commit 62dee6f, but only recently exposed by commit 7bff56a.
* src/Makefile.am ($(srcdir)/util/virkeycode.c): Drop useless
dependency.
(BUILT_SOURCES): ...and build virkeymaps.h sooner.
(PROTOCOL_STRUCTS): Rather than depend on the struct file...
(check-local): ...convert things into a phony target of...
(check-protocol): ...a new check.
($(srcdir)/remote_protocol-struct): Rename to isolate the distributed
file from the conditional test.
(PDWTAGS): Deal with rename. Swap to compare 'expected actual'.
(cherry picked from commit 9b5970c6c4ef267f2ba7d43d8b4d4996659c9fe1)
Peter Krempa [Thu, 14 Jun 2012 12:48:42 +0000 (14:48 +0200)]
qemu: Enable disconnecting SPICE clients without changing password
Libvirt updates the configuration of SPICE server only when something
changes. This is unfortunate when the user wants to disconnect a
existing spice session when the connected attribute is already
"disconnect".
This patch modifies the conditions for calling the password updater to
be called when nothing changes, but the connected attribute is already
"disconnect".
(cherry picked from commit e0f0131d33e283f1b76c05eb7bef4bbbb3f2fd72)
Peter Krempa [Thu, 14 Jun 2012 08:29:36 +0000 (10:29 +0200)]
qemu: Fix off-by-one error while unescaping monitor strings
While unescaping the commands the commands passed through to the monitor
function qemuMonitorUnescapeArg() initialized lenght of the input string
to strlen()+1 which is fine for alloc but not for iteration of the
string.
This patch fixes the off-by-one error and drops the pointless check for
a single trailing slash that is automaticaly handled by the default
branch of switch.
(cherry picked from commit 0f4660c8787cc41fe67f869984c0ae11d680037e)
Peter Krempa [Wed, 13 Jun 2012 14:55:51 +0000 (16:55 +0200)]
virsh: Don't generate invalid XML in attach-disk command
The attach-disk command used with parameter --cache created an invalid
XML snippet as the beginning of the <driver> element was not printed
when used solely with --cache and no other attribute to driver.
(cherry picked from commit 5b4740265cf1e9cd00165e54e1f5e81f9008bc63)
Eric Blake [Mon, 11 Jun 2012 20:49:03 +0000 (14:49 -0600)]
python: fix snapshot listing bugs
Python exceptions are different than libvirt errors, and we had
some corner case bugs on OOM situations.
* python/libvirt-override.c (libvirt_virDomainSnapshotListNames)
(libvirt_virDomainSnapshotListChildrenNames): Use correct error
returns, avoid segv on OOM, and avoid memory leaks on error.
(cherry picked from commit a0de5d78ef593958bcb83e563fe54137fe43c4ff)
Eric Blake [Mon, 11 Jun 2012 20:32:47 +0000 (14:32 -0600)]
python: use simpler methods
* python/libvirt-override.c (libvirt_virDomainGetVcpus)
(libvirt_virDomainGetVcpuPinInfo): Use Py_XDECREF instead of
open-coding it.
(cherry picked from commit 8566618f65d983b31efb8efec13c25c6410b1718)
Michal Privoznik [Mon, 11 Jun 2012 13:57:19 +0000 (15:57 +0200)]
qemu: Don't overwrite security labels
Currently, if qemuProcessStart fail at some point, e.g. because
domain being started wants a PCI/USB device already assigned to
a different domain, we jump to cleanup label where qemuProcessStop
is performed. This unconditionally calls virSecurityManagerRestoreAllLabel
which is wrong because the other domain is still using those devices.
However, once we successfully label all devices/paths in
qemuProcessStart() from that point on, we have to perform a rollback
on failure - that is - we have to virSecurityManagerRestoreAllLabel.
(cherry picked from commit 86032b2276ace5a7977aad2bbae73b4c33e31914)
Michal Privoznik [Mon, 11 Jun 2012 13:20:44 +0000 (15:20 +0200)]
qemuProcessStop: Switch to flags
Currently, we are passing only one boolean (migrated) so there is
no real profit in this. But it creates starting position for
next patch.
(cherry picked from commit 69dd77149cacc6b12740bd70b729b6cb7506f4e0)
Laine Stump [Mon, 11 Jun 2012 21:16:17 +0000 (17:16 -0400)]
docs: minor fixes to domain interface documentation
A few examples for <interface> had a type='direct' interface with no
sub-elements. This is not allowed - a type='direct' interface must
have at least a source element. (Most likely the example was copied
from the type='user' or type='ethernet' examples - they *do* allow an
instance with no sub-elements).
There was also one place that mistakenly used %lt; ... %gt; instead of
< ... > (for some reason, I make that typo all the time).
(cherry picked from commit 549741ee44c9d3dcaf0231d2f09838f46ac1d74d)
Eric Blake [Thu, 7 Jun 2012 19:23:49 +0000 (13:23 -0600)]
docs: link to FLOSS Weekly podcast, virt blogs
Eric Blake and Guido Günther were guests during this week's
FLOSS Weekly podcast, giving insights into libvirt as a Free
Software project. Also, there are several useful blogs on
virt-related topics.
Eric Blake [Fri, 8 Jun 2012 03:46:47 +0000 (21:46 -0600)]
snapshot: avoid virsh crash with older servers
Commits 51082301, 16d7b39, and 521cc447 introduced support for
'virsh snapshot-list --from' when talking to a server older than
0.9.5, but broke support for plain 'virsh snapshot-list' for the
same old server in the process. Because the code is not properly
gated, we end up with a SIGSEGV during a strcmp with a NULL argument.
* tools/virsh.c (cmdSnapshotList): Don't waste time on fallbacks
when --from is not present.
(cherry picked from commit d9f606659829e666803d95d05aee9ca1ecced955)
Li Zhang [Tue, 29 May 2012 08:35:17 +0000 (16:35 +0800)]
Assign correct address type to spapr-vlan and spapr-vty.
For pseries guest, spapr-vlan and spapr-vty is based
on spapr-vio address. According to model of network
device, the address type should be assigned automatically.
For serial device, serial pty device is recognized as
spapr-vty device, which is also on spapr-vio.
So this patch is to correct the address type of
spapr-vlan and spapr-vty, and build correct
command line of spapr-vty.
Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com> Reviewed-by: Michael Ellerman<michaele@au1.ibm.com>
(cherry picked from commit 04a319ba4e5f82e56af47e18dc055e5735ddd74d)
Eric Blake [Thu, 7 Jun 2012 16:48:05 +0000 (10:48 -0600)]
maint: make it easier to copy FORTIFY_SOURCE snippet
While libvirt intentionally avoids -Wundef (after all, C99
guarantees sane semantics of treating undefined macros as 0),
the glibc insanity of #warning on _FORTIFY_SOURCE coupled with
what some people feel is the black magic of autoconf means
that other projects are likely to copy our snippet verbatim.
We can be nicer to other projects by making it easier to
integrate into projects that use -Wundef.
Suggested by Christophe Fergeau.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Be nice
to other projects using -Wundef.
(cherry picked from commit 1c2edf0fbd4d20b3955cd5a3d8986413e94fba51)
Eric Blake [Sat, 26 May 2012 02:17:01 +0000 (20:17 -0600)]
command: avoid potential deadlock on handshake
There is a theoretical problem of an extreme bug where we can get
into deadlock due to command handshaking. Thanks to a pair of pipes,
we have a situation where the parent thinks the child reported an
error and is waiting for a message from the child to explain the
error; but at the same time the child thinks it reported success
and is waiting for the parent to acknowledge the success; so both
processes are now blocked.
Thankfully, I don't think this deadlock is possible without at
least one other bug in the code, but I did see exactly that sort
of situation prior to commit da831af - I saw a backtrace where a
double close bug in the parent caused the parent to read from the
wrong fd and assume the child failed, even though the child really
sent success.
This potential deadlock is not quite like commit 858c247 (a deadlock
due to multiple readers on one pipe preventing a write from completing),
although the solution is similar - always close unused pipe fds before
blocking, rather than after.
Eric Blake [Thu, 31 May 2012 21:50:07 +0000 (15:50 -0600)]
command: avoid deadlock on EPIPE situation
It is possible to deadlock libvirt by having a domain with XML
longer than PIPE_BUF, and by writing a hook script that closes
stdin early. This is because libvirt was keeping a copy of the
child's stdin read fd open, which means the write fd in the
parent will never see EPIPE (remember, libvirt should always be
run with SIGPIPE ignored, so we should never get a SIGPIPE signal).
Since there is no error, libvirt blocks waiting for a write to
complete, even though the only reader is also libvirt. The
solution is to ensure that only the child can act as a reader
before the parent does any writes; and then dealing with the
fallout of dealing with EPIPE.
Thankfully, this is not a security hole - since the only way to
trigger the deadlock is to install a custom hook script, anyone
that already has privileges to install a hook script already has
privileges to do any number of other equally disruptive things
to libvirt; it would only be a security hole if an unprivileged
user could install a hook script to DoS a privileged user.
* src/util/command.c (virCommandRun): Close parent's copy of child
read fd earlier.
(virCommandProcessIO): Don't let EPIPE be fatal; the child may
be done parsing input.
* tests/commandhelper.c (main): Set up a SIGPIPE situation.
* tests/commandtest.c (test20): Trigger it.
* tests/commanddata/test20.log: New file.
(cherry picked from commit 858c2476d9dccf630ad5b7f4d8e0e61e9295c2b6)
Eric Blake [Mon, 4 Jun 2012 17:33:20 +0000 (11:33 -0600)]
build: allow building with newer glibc-headers and -O0
glibc 2.15 (on Fedora 17) coupled with explicit disabling of
optimization during development dies a painful death:
In file included from /usr/include/limits.h:27:0,
from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:169,
from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/syslimits.h:7,
from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:34,
from util/bitmap.c:26:
/usr/include/features.h:314:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
cc1: all warnings being treated as errors
Work around this by only conditionally defining _FORTIFY_SOURCE,
in the case where glibc can actually use it. The trick is using
AH_VERBATIM instead of AC_DEFINE.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Squelch
_FORTIFY_SOURCE when needed to avoid glibc #warnings.
(cherry picked from commit 2af63b1c349114df98c163a8401fd9cf2facdabe)
Radu Caragea [Mon, 4 Jun 2012 07:32:37 +0000 (09:32 +0200)]
Fix sync issue in virNetClientStreamEventRemoveCallback
The stream lock is unlocked twice instead of being locked and then
unlocked. Probably a typo.
(cherry picked from commit 107f51b69c44b9902ed76ab0e33e89dde5d21cb1)
The problem is that an interface with type='hostdev' will have an
alias of the form "hostdev%d", while the function that looks through
existing netdevs to determine the name to use for a new addition will
fail if there's an existing entry that does not match the form
"net%d".
This is another of the handful of places that need an exception due to
the hybrid nature of <interface type='hostdev'> (which is not exactly
an <interface> or a <hostdev>, but is both at the same time).
(cherry picked from commit 6734ce7bc8ec4da7900080aa17fef20c68d401ef)
tools: make virt-pki-validate work with acls and xattrs
This patch makes virt-pki-validate work with certificates that have
acl or xattr set. Otherwise it failing due to wrong permissions.
(cherry picked from commit d4fb6694a4b7d5c613136e3bfc1bbf8d6b98ec74)
Wen Congyang [Wed, 30 May 2012 09:20:44 +0000 (17:20 +0800)]
qemu: avoid closing fd more than once
If we migrate to fd, spec->fwdType is not MIGRATION_FWD_DIRECT,
we will close spec->dest.fd.local in qemuMigrationRun(). So we
should set spec->dest.fd.local to -1 in qemuMigrationRun().
Eric Blake [Wed, 30 May 2012 15:20:37 +0000 (09:20 -0600)]
fdstream: avoid double close bug
Wen Congyang reported that we have a double-close bug if we fail
virFDStreamOpenInternal, since childfd duplicated one of the fds[]
array contents. In truth, since we always transfer both members
of fds to other variables, we should close the fds through those
other names, and just use fds[] for pipe().
* src/fdstream.c (virFDStreamOpenFileInternal): Swap scope of
childfd and fds[], to avoid a double close.
(cherry picked from commit f3cfc7c8848006b613e09bb1acd081716854527e)
Eric Blake [Tue, 29 May 2012 23:47:58 +0000 (17:47 -0600)]
command: avoid double close bugs
KAMEZAWA Hiroyuki reported a nasty double-free bug when virCommand
is used to convert a string into input to a child command. The
problem is that the poll() loop of virCommandProcessIO would close()
the write end of the pipe in order to let the child see EOF, then
the caller virCommandRun() would also close the same fd number, with
the second close possibly nuking an fd opened by some other thread
in the meantime. This in turn can have all sorts of bad effects.
The bug has been present since the introduction of virCommand in
commit f16ad06f.
This is based on his first attempt at a patch, at
https://bugzilla.redhat.com/show_bug.cgi?id=823716
* src/util/command.c (_virCommand): Drop inpipe member.
(virCommandProcessIO): Add argument, to avoid closing caller's fd
without informing caller.
(virCommandRun, virCommandNewArgs): Adjust clients.
(cherry picked from commit da831afcf2f6c0d3ed1ea3128a6208f548a05d8f)
Wen Congyang [Wed, 30 May 2012 09:20:46 +0000 (17:20 +0800)]
avoid fd leak
virCommandRunAsync() will set errfd if it succeed. We should
close it if virFDStreamOpenInternal() fails.
(cherry picked from commit 655cffa0f25be40c68624036af80bde102177612)
Eric Blake [Tue, 29 May 2012 14:10:44 +0000 (08:10 -0600)]
build: silence warning from autoconf
Autoconf 2.60 and later insist on using ${datarootdir}, rather than
the derived ${datadir} (although the latter defaults to the former,
it is possible to set configure arguments so that they differ):
config.status: creating libvirt.pc
config.status: WARNING: 'libvirt.pc.in' seems to ignore the --datarootdir setting
This patch follows the autoconf manual's suggestions for how to
support 2.59 (RHEL 5) and newer simultaneously.
* libvirt.pc.in (datarootdir): Define, so ${datadir} will not ignore
datarootdir when using newer autoconf.
(cherry picked from commit aabf77aa41e9589faa7ce44add87b97f5a6dde2e)
Michal Privoznik [Wed, 30 May 2012 12:17:26 +0000 (14:17 +0200)]
virCommand: Extend debug message for handshake
Currently, we are logging only one side of pipes we
create in virCommandRequireHandshake(); This is enough
in cases where pipe2() returns two consecutive FDs. However,
it is not guaranteed and it may return any FDs.
Therefore, it's wise to log the other ends as well.
(cherry picked from commit 7454849ec5489c7b52d3b41a8022f2bc6fda9eee)
When getting number of CPUs the host has assigned, there was always
number "1" returned. Even though all lxc domains with no pinning
launched by libvirt run on all pCPUs (by default, no matter what's the
number), we should at least return the same number as the user
specified when creating the domain.
(cherry picked from commit 87dfdb0b92f234a08408332095454260f1c86917)
Dave Allan [Tue, 29 May 2012 22:49:13 +0000 (16:49 -0600)]
examples: add consolecallback example python script
A while back I wrote the attached code to demonstrate how to use
events and serial console to create a serial console that stays up
even when the VM is down. It might need some work, as I am not
terribly strong with Python.
* examples/python/consolecallback.py: New file.
* examples/python/Makefile.am (EXTRA_DIST): Ship it.
(cherry picked from commit ffc9f7ab4f203ce6825dbdc22b75f0894ae833b2)
Stefan Berger [Tue, 29 May 2012 10:25:59 +0000 (06:25 -0400)]
leak_fix.diff
==3240== 23 bytes in 1 blocks are definitely lost in loss record 242 of 744
==3240== at 0x4C2A4CD: malloc (vg_replace_malloc.c:236)
==3240== by 0x8077537: __vasprintf_chk (vasprintf_chk.c:82)
==3240== by 0x509C677: virVasprintf (stdio2.h:199)
==3240== by 0x509C733: virAsprintf (util.c:1912)
==3240== by 0x1906583A: qemudStartup (qemu_driver.c:679)
==3240== by 0x511991D: virStateInitialize (libvirt.c:809)
==3240== by 0x40CD84: daemonRunStateInit (libvirtd.c:751)
==3240== by 0x5098745: virThreadHelper (threads-pthread.c:161)
==3240== by 0x7953D8F: start_thread (pthread_create.c:309)
==3240== by 0x805FF5C: clone (clone.S:115)
"accel3d" was specified twice, the second one is obviously "accel2d"
(also from the text down below.
(cherry picked from commit 94618eb66ac79cae49bd564f397ae3a4f1e49f98)
projects / thirdparty / libvirt.git / log
